Listing Description
Arcadia is dedicated to happier, healthier days for all. We transform diverse data into a unified fabric for health. Our platform delivers actionable insights for our customers to advance care and research, drive strategic growth, and achieve financial success. For more information, visit arcadia.io.
Why This Role Is Important to Arcadia
The role of the Security Risk and Compliance Analyst is to ensure Arcadia is conducting its business in full compliance with all state and federal healthcare laws and regulations, data protection laws, as well as professional standards, accepted business practices, and internal requirements. The Analyst will also work to ensure full compliance with SOC 2, ISO 27001, and HITRUST Certification Requirements.
The Security Risk and Compliance Analyst will work as a member of the Information Security team. This role will partner with teams throughout Arcadia to ensure technical security and data protection requirements are aligned with compliance requirements and consistently implemented.
The Analyst will work with development and infrastructure teams to detect, mitigate, and finally remediate vulnerabilities. The Analyst will do this work in alignment with service level agreement response times to ensure alignment with legal and regulatory requirements.
The Analyst will also provide cyber security information in response to customer questionnaires, RFPs/RFIs, as well as external audits. The Analyst will work with auditors as appropriate to keep audit focus in scope, maintain excellent relationships with audit entities, and provide a consistent perspective that continually puts the organization in its best light.
What Success Looks Like
In 3 months
- Support SOC 2, ISO 27001, and HITRUST audits.
- Develop understanding of the vulnerability detection process.
- Assist in evidence gathering for audits and assessments.
- Develop, manage, and maintain a registry of cyber security risks.
In 6 months
- Assist in the implementation of a GRC solution.
- Implement Arcadia's trust portal.
- Own the vulnerability management remediation process.
- Own tasks associated with the Security Risk and Compliance Analyst role.
- Review and redline security terms in contracts.
- Complete customer and vendor security assessments.
In 12 months
- Review security documentation on an annual basis.
- Assist in the management of audit processes.
- Manage evidence gathering for audits and assessments.
What You'll Be Doing
- Support the Information Security team with ongoing compliance efforts related to SOC 2, ISO 27001, and HITRUST Certification, along with general state and federal healthcare, privacy, and security requirements.
- Ensure compliance with HIPAA, Healthcare IT, Medicare, and Medicaid requirements.
- Ensure compliance with federal and state regulations and policies as they relate to healthcare privacy and security.
- Create and revise applicable company healthcare policies.
- Regularly review policies and procedures to ensure ongoing compliance.
- Fill out standardized security questionnaires based on existing policies and procedures.
- Manage and maintain a registry of cyber security risks.
- Manage the remediation of vulnerabilities within Arcadia.
- Update processes and provide metrics on vulnerabilities to improve their resolution.
- Assist in the development and implementation of Business Continuity Planning and testing.
- Coordinate and track all information technology and security-related audits, including scope of audits, parties involved, timelines, auditing agencies, and outcomes.
- Support the Operations, Engineering, Production Support, and Technical Implementation teams by providing the compliance expertise required to ensure that applications and infrastructure are implemented in accordance with company compliance objectives.
- Ensure that Arcadia's infrastructure and applications meet Arcadia's security and privacy compliance objectives (as outlined in Policies and Procedures).
- Maintain a matrix of client compliance requirements and perform regular compliance reviews.
- Maintain Arcadia's trust portal and manage access for existing and prospective customers.
- Monitor the implementation of any prescribed corrective actions resulting from client assessments.
- Support the completion of privacy/security assessments and annual audits for customers and prospective customers.
- Support annual compliance audits (HITRUST, ISO, and SOC 2) and customer assessments (and the preparation for both).
- Produce, as required, any compliance metrics reports for the Chief Information Security Officer (CISO), Senior Director of Information Security & Compliance, and any other stakeholders or privacy/security steering committees prescribed.
- Respond to requests for consultation or other inquiries from staff and provide compliance advice as required.
- Support any requests for information by external authoritative agencies as required (e.g., assessors, auditors, investigators, etc.).
- Provide any requested input for the ongoing maturation and development of the compliance and governance strategies necessary to support the business planning process.
- Maintain currency and expertise with emerging trends in compliance and governance standards and technologies (both internal and external).
What You'll Bring
- Good working knowledge of compliance as it relates to healthcare privacy and security, governance, and risk concepts and practices.
- Basic understanding of common security and privacy standards, regulations, and laws relating to a cloud software development company (e.g., SOC 2, ISO 27001/2, ISO 27701, GDPR).
- At least 2-3 years of healthcare compliance experience.
- Experience in vulnerability management or knowledge of the process.
- Background in healthcare technology, EHR implementation, and healthcare compliance.
- Strong understanding of HIPAA, Medicare, and Medicaid requirements.
- Ability to work independently.
- Advanced computer skills and excellent written and oral communication skills.
Would Love For You To Have
- 4+ years of experience in performing information security audits or risk assessments.
- Knowledge of securing network technologies, client, and server operating systems.
- Certifications: CISA, ISACA, CIPP, CISSP, CISM.
- Management of regulatory, internal, or external audits, or experience as an auditor.
- Experience reviewing and redlining security terms in contracts.
What You'll Get
- The opportunity to work for an amazing, fast-growing software company leveraging a highly scalable cloud platform.
- You seek a fun culture that encourages you to speak up and fosters creative thinking.
- You want to use your skills to make an impact in healthcare.
- Awesome work environment.
- Competitive compensation.
- Great benefits like flextime time off.
About Arcadia
Arcadia.io helps innovative healthcare systems and health plans around the country transform healthcare to reduce cost while improving patient health. We do this by aggregating massive amounts of clinical and claims data, applying algorithms to identify opportunities to provide better patient care, and making those opportunities actionable by physicians at the point of care in near-real time. We are passionate about helping our customers drive meaningful outcomes. We are growing fast and have emerged as the market leader in the highly competitive population health management software and value-based care services markets, and we have been recognized by industry analysts KLAS, IDC, Forrester and Chilmark for our leadership. For a better sense of our brand and products, please explore our website, our online resources, and our interactive Data Gallery.
This position is responsible for following all Security policies and procedures in order to protect all PHI under Arcadia's custodianship as well as Arcadia Intellectual Properties. For any security-specific roles, the responsibilities would be further defined by the hiring manager.
Listing Details
- Citizenship: Not Provided
- Incentives: Not Provided
- Education: Not Provided
- Travel: Not Provided
- Telework: Not Provided